
Commit d2145a5b authored by Evan Prodromou's avatar Evan Prodromou

Move rights check to profile and add right for new notices

Added a right for new notices, realized that the hasRight() method
should be on the profile, and moved it.

Makes this a less atomic commit but that's the way it goes sometimes.
parent 02cc7af1
......@@ -195,10 +195,8 @@ class Notice extends Memcached_DataObject
' take a breather and post again in a few minutes.'));
}
$banned = common_config('profile', 'banned');
if ( in_array($profile_id, $banned) || in_array($profile->nickname, $banned)) {
common_log(LOG_WARNING, "Attempted post from banned user: $profile->nickname (user id = $profile_id).");
if (!$profile->hasRight(Right::NEWNOTICE)) {
common_log(LOG_WARNING, "Attempted post from user disallowed to post: " . $profile->nickname);
throw new ClientException(_('You are banned from posting notices on this site.'));
}
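Review bot: The configured `profile`/`banned` list looks like it is no longer enforced at this point: the `in_array($profile_id, $banned)` test appears to be on the removed side, and `Right::NEWNOTICE` as added in Profile::hasRight() resolves only to `!$this->isSilenced()`. Unless every id or nickname in that list is also given the silenced role, those accounts could post again after this change, so either keep the list check alongside the new one or handle the migration explicitly. The new log line also drops the profile id, which makes the event harder to tie to an account if the nickname changes; `common_log(LOG_WARNING, "Attempted post from user disallowed to post: $profile->nickname (user id = $profile_id).");` keeps it. The enclosing function starts and ends outside the hunk.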
......
......@@ -661,4 +661,42 @@ class Profile extends Memcached_DataObject
{
$this->revokeRole(Profile_role::SILENCED);
}
/**
* Does this user have the right to do X?
*
* With our role-based authorization, this is merely a lookup for whether the user
* has a particular role. The implementation currently uses a switch statement
* to determine if the user has the pre-defined role to exercise the right. Future
* implementations may allow per-site roles, and different mappings of roles to rights.
*
* @param $right string Name of the right, usually a constant in class Right
* @return boolean whether the user has the right in question
*/
function hasRight($right)
{
$result = false;
if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
switch ($right)
{
case Right::DELETEOTHERSNOTICE:
case Right::SANDBOXUSER:
case Right::SILENCEUSER:
case Right::DELETEUSER:
$result = $this->hasRole(Profile_role::MODERATOR);
break;
case Right::CONFIGURESITE:
$result = $this->hasRole(Profile_role::ADMINISTRATOR);
break;
case Right::NEWNOTICE:
$result = !$this->isSilenced();
break;
default:
$result = false;
break;
}
}
return $result;
}
}
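Review bot: `Event::handle('UserRightsCheck', array($this, $right, &$result))` now passes a Profile where the version removed from User passed a User, so any existing handler for this event that calls User-only methods on its first argument may error out or decide differently. A handler that returns false also skips the switch and its `$result` is returned as-is, which makes this hook part of the authorization boundary; that deserves a line in the docblock, e.g. `Plugins can override the decision via the UserRightsCheck event; handlers receive the Profile, the right name and a by-reference result.` Handlers are not visible here, so whether any need updating has to be checked against the plugins in use.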
......@@ -657,39 +657,10 @@ class User extends Memcached_DataObject
return Design::staticGet('id', $this->design_id);
}
/**
* Does this user have the right to do X?
*
* With our role-based authorization, this is merely a lookup for whether the user
* has a particular role. The implementation currently uses a switch statement
* to determine if the user has the pre-defined role to exercise the right. Future
* implementations may allow per-site roles, and different mappings of roles to rights.
*
* @param $right string Name of the right, usually a constant in class Right
* @return boolean whether the user has the right in question
*/
function hasRight($right)
{
$result = false;
if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
switch ($right)
{
case Right::DELETEOTHERSNOTICE:
case Right::SANDBOXUSER:
case Right::SILENCEUSER:
case Right::DELETEUSER:
$result = $this->hasRole(Profile_role::MODERATOR);
break;
case Right::CONFIGURESITE:
$result = $this->hasRole(Profile_role::ADMINISTRATOR);
break;
default:
$result = false;
break;
}
}
return $result;
$profile = $this->getProfile();
return $profile->hasRight($right);
}
function delete()
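Review bot: `hasRight()` now dereferences the result of `$this->getProfile()` without checking it, so a user row whose profile cannot be loaded would turn every rights check into a fatal error rather than a clean denial. getProfile() is not shown here, so this assumes it can return an empty value; if it can, deny explicitly with `if (empty($profile)) { return false; }` before `return $profile->hasRight($right);`.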
......
......@@ -50,5 +50,6 @@ class Right
const DELETEUSER = 'deleteuser';
const SILENCEUSER = 'silenceuser';
const SANDBOXUSER = 'sandboxuser';
const NEWNOTICE = 'newnotice';
}